Update traefik with secrets.
This commit is contained in:
parent
cfa6eac308
commit
2de4849816
|
@ -8,6 +8,12 @@ networks:
|
||||||
proxy:
|
proxy:
|
||||||
external: true
|
external: true
|
||||||
|
|
||||||
|
secrets:
|
||||||
|
cloudflare_account_email_address:
|
||||||
|
file: /srv/secrets/traefik/email
|
||||||
|
cloudflare_dns_api_token:
|
||||||
|
file: /srv/secrets/traefik/token
|
||||||
|
|
||||||
services:
|
services:
|
||||||
reverse-proxy:
|
reverse-proxy:
|
||||||
container_name: traefik
|
container_name: traefik
|
||||||
|
@ -20,6 +26,9 @@ services:
|
||||||
# Use the public network created to be shared between Traefik and
|
# Use the public network created to be shared between Traefik and
|
||||||
# any other service that needs to be publicly available with HTTPS
|
# any other service that needs to be publicly available with HTTPS
|
||||||
- proxy
|
- proxy
|
||||||
|
secrets:
|
||||||
|
- cloudflare_account_email_address
|
||||||
|
- cloudflare_dns_api_token
|
||||||
command:
|
command:
|
||||||
- --providers.docker # Enable Docker in Traefik, so that it reads labels from Docker services
|
- --providers.docker # Enable Docker in Traefik, so that it reads labels from Docker services
|
||||||
- --providers.docker.exposedbydefault=false # Do not expose all Docker services, only the ones explicitly exposed
|
- --providers.docker.exposedbydefault=false # Do not expose all Docker services, only the ones explicitly exposed
|
||||||
|
@ -31,7 +40,6 @@ services:
|
||||||
# Set up LetsEncrypt
|
# Set up LetsEncrypt
|
||||||
- --certificatesresolvers.letsencrypt.acme.dnschallenge=true
|
- --certificatesresolvers.letsencrypt.acme.dnschallenge=true
|
||||||
- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
|
- --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
|
||||||
- --certificatesresolvers.letsencrypt.acme.email=${EMAIL_ADDRESS}
|
|
||||||
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
|
- --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
|
||||||
# Set up an insecure listener that redirects all traffic to TLS
|
# Set up an insecure listener that redirects all traffic to TLS
|
||||||
- --entrypoints.web.address=:80
|
- --entrypoints.web.address=:80
|
||||||
|
@ -49,12 +57,13 @@ services:
|
||||||
- /var/run/docker.sock:/var/run/docker.sock:ro # Add Docker as a mounted volume, so that Traefik can read the labels of other services
|
- /var/run/docker.sock:/var/run/docker.sock:ro # Add Docker as a mounted volume, so that Traefik can read the labels of other services
|
||||||
- /srv/volumes/letsencrypt:/letsencrypt
|
- /srv/volumes/letsencrypt:/letsencrypt
|
||||||
environment:
|
environment:
|
||||||
- CLOUDFLARE_EMAIL=${CLOUDFLARE_ACCOUNT_EMAIL_ADDRESS}
|
CLOUDFLARE_EMAIL_FILE: /run/secrets/cloudflare_account_email_address
|
||||||
- CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_TOKEN_GOES_HERE}
|
CLOUDFLARE_DNS_API_TOKEN_FILE: /run/secrets/cloudflare_dns_api_token
|
||||||
|
# https://go-acme.github.io/lego/dns/cloudflare/
|
||||||
labels:
|
labels:
|
||||||
- traefik.enable=true
|
- traefik.enable=true
|
||||||
- traefik.http.routers.dashboard.service=api@internal
|
- traefik.http.routers.dashboard.service=api@internal # TODO: not working
|
||||||
- traefik.http.routers.dashboard.rule=Host(`traefik.889217.xyz`)
|
- traefik.http.routers.dashboard.rule=Host(`traefik.golem.linux.it`)
|
||||||
- traefik.http.routers.dashboard.entrypoints=websecure
|
- traefik.http.routers.dashboard.entrypoints=websecure
|
||||||
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt
|
- traefik.http.routers.dashboard.tls.certresolver=letsencrypt
|
||||||
healthcheck:
|
healthcheck:
|
||||||
|
|
Loading…
Reference in New Issue